Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party of EU data protection regulators has issued its own report on the matter. The summary of findings by the Working Party, which draws from both written submissions and oral contributions, begins by commending U.S. authorities for their efforts in establishing a procedural framework to support the operation of Privacy Shield but quickly shifts to the Working Party’s concerns. Should the concerns not be addressed by the time of the second joint review, the Working Party notes that its members will “take appropriate action,” including bringing a Privacy Shield adequacy decision to national courts for reference to the Court of Justice of the European Union for a preliminary ruling.
During a November 13, 2014 hearing before the Digital Rights Commission of the French National Assembly, Jean-Marie Delarue, the head of France’s oversight Commission for National Security Interceptions said that France’s 1991 law on national security wiretaps needed to be updated to better protect individuals. Currently, the CNCIS is consulted by the Prime Minister’s office before the implementation of national security wiretaps. According to Mr. Delarue, this system works well for wiretaps. But the collection of metadata falls largely outside this procedure. According to Delarue, a major overhaul of the 1991 law on national security wiretaps is needed to catch up with modern intelligence gathering techniques and to better reflect the case law of the European Court of Human Rights. According to Delarue, justifications for government invasion of privacy need to be narrowly defined by law. Broad justifications such as “fundamental interests of the nation” are too vague to withstand scrutiny under European constitutional principles.